Lucene search

K
amazonAmazonALAS-2012-036
HistoryJan 19, 2012 - 8:08 p.m.

Important: libxml2

2012-01-1920:08:00
alas.aws.amazon.com
12

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

89.8%

Issue Overview:

A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)

An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)

Affected Packages:

libxml2

Issue Correction:
Run yum update libxml2 to update your system.

New Packages:

i686:  
    libxml2-devel-2.7.6-4.11.amzn1.i686  
    libxml2-static-2.7.6-4.11.amzn1.i686  
    libxml2-debuginfo-2.7.6-4.11.amzn1.i686  
    libxml2-python-2.7.6-4.11.amzn1.i686  
    libxml2-2.7.6-4.11.amzn1.i686  
  
src:  
    libxml2-2.7.6-4.11.amzn1.src  
  
x86_64:  
    libxml2-2.7.6-4.11.amzn1.x86_64  
    libxml2-python-2.7.6-4.11.amzn1.x86_64  
    libxml2-devel-2.7.6-4.11.amzn1.x86_64  
    libxml2-debuginfo-2.7.6-4.11.amzn1.x86_64  
    libxml2-static-2.7.6-4.11.amzn1.x86_64  

Additional References

Red Hat: CVE-2011-3905, CVE-2011-3919

Mitre: CVE-2011-3905, CVE-2011-3919

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

89.8%